0

Bypass DNS settings

Hi, I work for a government office, specifically in the IT department, we have a Tp Link TL-WR840N, which has 192.168.18.1 as its ip address, I recently used NextDNS service to block social media websites on the network to avoid employees being unproductive and it works well, but there's a detail I need to talk about. When I open my network adapter settings on my computer and click on the properties tab and then type 8.8.8.8 on my primary dns and 8.8.4.4 as my secondary one, all the sites that I blocked using NextDNS service will open up and successfully access to them. I really don't like the idea that if some users on the network have administrator privileges on their computers can manipulate their network adapters and have the opportunity to insert other dns protocols so they can bypass this service. Any solution to this?

Best regards

3 replies

null
    • fresh_hall4038
    • 4 wk ago
    • Reported - view

    You can't be surprised that changing DNS server is... changing DNS server.

    That's just how DNS works.

      • SysAdmin.1
      • 3 wk ago
      • Reported - view

       Well, thats a no brainer I guess.

    • Span
    • 4 wk ago
    • Reported - view

    The problem here is users having admin access, do they need permanent admin access? If not then the IT department should engage in a project to identify these users and downgrade their access.

    This will solve this and also prevent other problems in future.

    If they need temporary admin access to install something then they get on a video call with an admin, who first verifies the software is approved and then they get on a video call where the admin controls the user's computer and does the installation. It's more work but it shouldn't happen too often.

    Read up on the principle of least privilege: https://www.paloaltonetworks.com/cyberpedia/what-is-the-principle-of-least-privilege

Login to reply

Content aside

  • 3 wk agoLast active
  • 3Replies
  • 182Views
  • 3 Following